Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetSvcNames
GetSvcNames returns a comma-separated list of service names.
Types
type Config
type Config struct {
	Version          string                   `json:"version,omitempty"`            //name of the provider
	Service          string                   `json:"service,omitempty"`            //name of the service for the identity
	Services         map[string]ConfigService `json:"services,omitempty"`           //names of the multiple services for the identity
	Ssh              *bool                    `json:"ssh,omitempty"`                //ssh certificate support
	Accounts         []ConfigAccount          `json:"accounts,omitempty"`           //array of configured accounts
	SanDnsWildcard   bool                     `json:"sandns_wildcard,omitempty"`    //san dns wildcard support
	SanDnsHostname   bool                     `json:"sandns_hostname,omitempty"`    //san dns hostname support
	FileDirectUpdate bool                     `json:"file_direct_update,omitempty"` //update key/cert files directly instead of using rename
}
Config represents the entire sia_config file.
type ConfigAccount
type ConfigAccount struct {
	Provider string                `json:"provider,omitempty"` //name of the provider
	Name     string                `json:"name,omitempty"`     //name of the service identity
	User     string                `json:"user,omitempty"`     //the user name to chown the cert/key dirs to. If absent, then root.
	Group    string                `json:"group,omitempty"`    //the group name to chown the cert/key dirs to. If absent, then athenz.
	Domain   string                `json:"domain,omitempty"`   //name of the domain for the identity
	Account  string                `json:"account,omitempty"`  //name of the account
	Service  string                `json:"service,omitempty"`  //name of the service for the identity
	Zts      string                `json:"zts,omitempty"`      //the ZTS to contact
	Roles    map[string]ConfigRole `json:"roles,omitempty"`    //map of roles to retrieve certificates for
	Version  string                `json:"version,omitempty"`  // sia version number
}
ConfigAccount represents each of the accounts that can be specified in the config file.
type ConfigRole
type ConfigRole struct {
	Filename string `json:"filename,omitempty"`
}
ConfigRole represents a role specified by the user, together with the attributes for that role.
type ConfigService
type ConfigService struct {
	KeyFilename  string `json:"key_filename,omitempty"`
	CertFilename string `json:"cert_filename,omitempty"`
	User         string `json:"user,omitempty"`
	Group        string `json:"group,omitempty"`
}
ConfigService represents a service specified by the user, together with the User/Group attributes for that service.
type Options
type Options struct {
	Provider          string                //name of the provider
	Name              string                //name of the service identity
	User              string                //the user name to chown the cert/key dirs to. If absent, then root
	Group             string                //the group name to chown the cert/key dirs to. If absent, then athenz
	Domain            string                //name of the domain for the identity
	Account           string                //name of the account
	Services          []Service             //array of configured services
	Ssh               bool                  //ssh certificate support
	Zts               string                //the ZTS to contact
	Roles             map[string]ConfigRole //list of configured roles
	Version           string                //sia version number
	KeyDir            string                //private key directory path
	CertDir           string                //x.509 certificate directory path
	CountryName       string                //country name
	AthenzCACertFile  string                //filename to store Athenz CA certs
	ZTSCACertFile     string                //filename for CA certs when communicating with ZTS
	ZTSServerName     string                //ZTS server name, if necessary for tls
	ZTSAzureDomains   []string              //list of domain prefixes for sanDNS entries
	SanDnsWildcard    bool                  //san dns wildcard support
	SanDnsHostname    bool                  //san dns hostname support
	FileDirectUpdate  bool                  //update key/cert files directly instead of using rename
	AddlSanDNSEntries []string              //additional san dns entries to be added to the CSR
}
Options represents settings that are derived from the config file and application defaults.
func NewOptions
func NewOptions(bytes []byte, identityDocument *attestation.IdentityDocument, siaDir, version, ztsCaCert, ztsServerName string, ztsAzureDomains []string, countryName, azureProvider string) (*Options, error)
NewOptions takes in sia_config bytes and returns a pointer to Options after parsing the config and initializing the defaults. It uses identity document defaults when sia_config is empty or non-parsable. It populates the "services" array.
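The owner defaults documented on ConfigAccount and Options decide who can read the private key directory, so it helps to see them resolved for a concrete config. The following is an added example, not code from this package: the types are trimmed local copies of the ones documented above, effectiveOwners is a hypothetical helper, and the sample sia_config is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Trimmed local copies of the documented types (not imported from the package).
type ConfigAccount struct {
	Name   string `json:"name,omitempty"`
	User   string `json:"user,omitempty"`
	Group  string `json:"group,omitempty"`
	Domain string `json:"domain,omitempty"`
}

type Config struct {
	Accounts []ConfigAccount `json:"accounts,omitempty"`
}

// Constructed sample sia_config; all names are placeholders.
const sampleConfig = `{"accounts":[
 {"name":"vm-a","domain":"example.domain","user":"svc"},
 {"name":"vm-b","domain":"example.domain"}]}`

// effectiveOwners (hypothetical helper) parses sia_config bytes and fills in
// the owner defaults stated in the field comments: user root, group athenz.
// It returns an error on unparsable input; NewOptions is documented to fall
// back to identity document defaults in that case instead.
func effectiveOwners(raw []byte) ([]ConfigAccount, error) {
	var cfg Config
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, fmt.Errorf("parse sia_config: %w", err)
	}
	for i := range cfg.Accounts {
		if cfg.Accounts[i].User == "" {
			cfg.Accounts[i].User = "root"
		}
		if cfg.Accounts[i].Group == "" {
			cfg.Accounts[i].Group = "athenz"
		}
	}
	return cfg.Accounts, nil
}

func main() {
	accts, err := effectiveOwners([]byte(sampleConfig))
	fmt.Println(accts, err)
}
```

An account that omits "user" resolves to root ownership of the cert/key directories, so a service running as another user needs the field set explicitly or must rely on the group.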